From: Steven Rostedt <rostedt@goodmis.org>
To: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: "Paul E. McKenney" <paulmck@kernel.org>,
syzbot <syzbot+972b924c988834e868b2@syzkaller.appspotmail.com>,
Josh Triplett <josh@joshtriplett.org>,
rcu@vger.kernel.org,
Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>,
dri-devel <dri-devel@lists.freedesktop.org>,
Geert Uytterhoeven <geert@linux-m68k.org>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
Linux Fbdev development list <linux-fbdev@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Nathan Chancellor <natechancellor@gmail.com>,
Peter Rosin <peda@axentia.se>,
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
syzkaller-bugs <syzkaller-bugs@googlegroups.com>
Subject: Re: WARNING: suspicious RCU usage in modeset_lock
Date: Fri, 18 Dec 2020 11:10:31 -0500 [thread overview]
Message-ID: <20201218111031.226f8b59@gandalf.local.home> (raw)
In-Reply-To: <CAKMK7uH1agVS=e245b=25Lv9Q+u5c7=KL-_NF8Hte10nKTqAXw@mail.gmail.com>
On Thu, 17 Dec 2020 11:03:20 +0100
Daniel Vetter <daniel.vetter@ffwll.ch> wrote:
> I think we're tripping over the might_sleep() all the mutexes have,
> and that's not as good as yours, but good enough to catch a missing
> rcu_read_unlock(). That's kinda why I'm baffled, since like almost
> every 2nd function in the backtrace grabbed a mutex and it was all
> fine until the very last.
>
> I think it would be really nice if the rcu checks could retain (in
> debugging only) the backtrace of the outermost rcu_read_lock, so we
> could print that when something goes wrong in cases where it's leaked.
> For normal locks lockdep does that already (well not full backtrace I
> think, just the function that acquired the lock, but that's often
> enough). I guess that doesn't exist yet?
>
> Also yes without reproducer this is kinda tough nut to crack.
I'm looking at drm_client_modeset_commit_atomic(), where it triggered after
the "retry:" label, which to get to, does a bit of goto spaghetti, with
a -EDEADLK detected and a goto backoff, which calls goto retry, and then
the next mutex taken is the one that triggers the bug.
As this is hard to reproduce, but reproducible by a fuzzer, I'm guessing
there's some error return path somewhere in there that doesn't release an
rcu_read_lock().
-- Steve
WARNING: multiple messages have this Message-ID (diff)
From: Steven Rostedt <rostedt@goodmis.org>
To: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Linux Fbdev development list <linux-fbdev@vger.kernel.org>,
syzbot <syzbot+972b924c988834e868b2@syzkaller.appspotmail.com>,
"Paul E. McKenney" <paulmck@kernel.org>,
Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>,
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
syzkaller-bugs <syzkaller-bugs@googlegroups.com>,
Josh Triplett <josh@joshtriplett.org>,
dri-devel <dri-devel@lists.freedesktop.org>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
rcu@vger.kernel.org, Geert Uytterhoeven <geert@linux-m68k.org>,
Nathan Chancellor <natechancellor@gmail.com>,
Peter Rosin <peda@axentia.se>
Subject: Re: WARNING: suspicious RCU usage in modeset_lock
Date: Fri, 18 Dec 2020 11:10:31 -0500 [thread overview]
Message-ID: <20201218111031.226f8b59@gandalf.local.home> (raw)
In-Reply-To: <CAKMK7uH1agVS=e245b=25Lv9Q+u5c7=KL-_NF8Hte10nKTqAXw@mail.gmail.com>
On Thu, 17 Dec 2020 11:03:20 +0100
Daniel Vetter <daniel.vetter@ffwll.ch> wrote:
> I think we're tripping over the might_sleep() all the mutexes have,
> and that's not as good as yours, but good enough to catch a missing
> rcu_read_unlock(). That's kinda why I'm baffled, since like almost
> every 2nd function in the backtrace grabbed a mutex and it was all
> fine until the very last.
>
> I think it would be really nice if the rcu checks could retain (in
> debugging only) the backtrace of the outermost rcu_read_lock, so we
> could print that when something goes wrong in cases where it's leaked.
> For normal locks lockdep does that already (well not full backtrace I
> think, just the function that acquired the lock, but that's often
> enough). I guess that doesn't exist yet?
>
> Also yes without reproducer this is kinda tough nut to crack.
I'm looking at drm_client_modeset_commit_atomic(), where it triggered after
the "retry:" label, which to get to, does a bit of goto spaghetti, with
a -EDEADLK detected and a goto backoff, which calls goto retry, and then
the next mutex taken is the one that triggers the bug.
As this is hard to reproduce, but reproducible by a fuzzer, I'm guessing
there's some error return path somewhere in there that doesn't release an
rcu_read_lock().
-- Steve
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
next prev parent reply other threads:[~2020-12-18 16:11 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-16 1:14 WARNING: suspicious RCU usage in modeset_lock syzbot
2020-12-16 1:14 ` syzbot
2020-12-16 9:52 ` Daniel Vetter
2020-12-16 9:52 ` Daniel Vetter
2020-12-16 16:16 ` Paul E. McKenney
2020-12-16 16:16 ` Paul E. McKenney
2020-12-17 8:28 ` Dmitry Vyukov
2020-12-17 8:28 ` Dmitry Vyukov
2020-12-17 10:03 ` Daniel Vetter
2020-12-17 10:03 ` Daniel Vetter
2020-12-17 15:21 ` Paul E. McKenney
2020-12-17 15:21 ` Paul E. McKenney
2020-12-18 1:29 ` Boqun Feng
2020-12-18 1:29 ` Boqun Feng
2020-12-18 11:27 ` Dmitry Vyukov
2020-12-18 11:27 ` Dmitry Vyukov
2020-12-19 1:00 ` Tetsuo Handa
2020-12-19 1:00 ` Tetsuo Handa
2020-12-21 15:55 ` Boqun Feng
2020-12-21 15:55 ` Boqun Feng
2020-12-18 16:10 ` Steven Rostedt [this message]
2020-12-18 16:10 ` Steven Rostedt
2020-12-18 16:23 ` Daniel Vetter
2020-12-18 16:23 ` Daniel Vetter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201218111031.226f8b59@gandalf.local.home \
--to=rostedt@goodmis.org \
--cc=b.zolnierkie@samsung.com \
--cc=daniel.vetter@ffwll.ch \
--cc=dri-devel@lists.freedesktop.org \
--cc=geert@linux-m68k.org \
--cc=gustavoars@kernel.org \
--cc=josh@joshtriplett.org \
--cc=linux-fbdev@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=natechancellor@gmail.com \
--cc=paulmck@kernel.org \
--cc=peda@axentia.se \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=rcu@vger.kernel.org \
--cc=syzbot+972b924c988834e868b2@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.